How to limit MFA prompt to just the first login/session

Hi there!

I’m trying to configure my application so that the user only gets an MFA_CHALLENGE after they enroll for the first time or if their device changes. I’ve been through the sign-on rules and tried setting this up but haven’t had any luck getting the app to behave this way. Currently it will prompt with every login attempt.

So far I’ve tried adding a new rule to the Sign On Policy at the application level and in the Authentication section. Here’s my configuration:

Any help would be greatly appreciated!

Did you check the Remember Device By Default in your sign on policy? This will automatically check the box ‘Do not challenge me on this device again’ checkbox on the login page. So once the user authenticates on that device with whatever factor they have setup they shouldn’t get prompted again.

If they login in with a different browser/device, then they will get prompted for the factor. Again by default the ‘Do not challenge me on this device again’ checkbox would be checked and that should only be challenged that time on that device.

Hi Erik, Thanks for the reply!

Yeah, I have checked the “Remember Device by Default” option in the setup. I’ve also set the device to always remember as well:
val verifyRequest = authClient.instantiate(
I still get the prompt regardless.

So I assume it does work for you from the Okta login page, but you are having issues with one of our java SDKs?

Could you provide the exact SDK and version you are using?
If you could also provide some details on your application and how clients access it that would be helpful.